Highland Solutions provides
transformative business automation and superior information technologies in
service of clear business goals.

Jeff
Nixon
COO

Mr. Nixon is a high-impact
business leader who joined the company in 2012. He is a successful P/L
manager–especially skilled at recognizing trends and opportunities then
deploying resources to capitalize on them. He has a solid history of
innovative leadership, continuous improvement, product development, managing
leading-edge technology and delivering excellent products and services.

“We
think that an investment in our own security and compliance measures is an
investment in our clients and in the relationships we build with our
clients; so we exemplify that passion by the rigor that we use internally to
manage our own business. We think that builds a great trusting relationship
with our clients.” - Jeff Nixon

CEOCFO:Mr. Nixon, it has been over a year since we have spoken; what has
changed at Highland Solutions?

Mr. Nixon:
We have continued to learn that technology solutions companies like Highland
really need to get to know their clients in a way that allows them to
understand their issues and concerns deeply and meaningfully. This allows us
create a great experience with technology. So much of what has changed in
the marketplace tends to be the way in which clients look for technology
solutions. Our clients are more informed than ever before. When they come to
us, thanks to the power of the internet, what they are really looking for is
somebody they can trust and provides a great experience. That is what led us
down a path about a year or so ago to begin looking at the issues related to
compliance and security within our client base.

CEOCFO: Regarding the
trust factor, is it more the technology you are able to propose or the
approach you take in presenting it?

Mr. Nixon:
Definitely the approach. When clients first come to us, what they are really
trying to understand is, "Who can I trust and who will listen to me and my
business concerns?" We did some research last year with our existing
clients, asking them why they do business with companies like Highland. They
actually did not know that Highland was the sponsor of the research.
Essentially, they came back to three key driving points that influenced
their decision to select us. One is that we get to know them—not just
getting to know their business needs—but getting to know them, their fears,
their emotions and how they are judged. That is a huge part of their
decision process. Second is getting to know their business; and that is
typically the more standard sorts of themes that you would encounter;
business goals, objectives and how the technology they are contemplating can
make them more profitable and competitive as well as efficient. Thirdly,
which was interesting, was this theme around save me from myself.
What they found is that a number of companies that they dealt with which
were technology firms, tended to be more "yes" people. They will agree with
the client more often than not even though there might be a better solution.
What clients are really looking for is our best thinking to help inform
their decision, even if that thinking is contrary to what they believe. We
have an obligation to be transparent, honest, and to bring that best
thinking forward; and when we do, we can be trusted which is a big part of
their decision process. You have to be willing to do those three things if
you are going to get through the quagmire of technology-informed feature
functions conversations of most tech firms.

CEOCFO: What are some
of the challenges in keeping current with the regulatory issues, changes are
frequent?

Mr. Nixon:
It changes either because of federal regulation or something happens in the
marketplace. Target is an example of that. Something happens that compels
people to think about it, act upon it or reassure themselves that they are
doing all they can. The issues around data security and compliance I think
are many. They are heavily regulated, so you have standards like HIPAA that
dictate how protected health information is managed by third parties. You
have other industry standards that need to be complied with such as PCI,
which is a standard that retailers are expected to achieve. There are
certifications that clients want like SSAE16 SOC 2, which is a standard set
by the AICPA. There is a ton out there and it moves constantly. When we
started getting into this, and clients started asking about it a few years
ago, we decided that we were going to take our own journey and try to put
ourselves in their position and see what we needed to do in order to be a
compliant organization. We started on that journey driven by clients who
were expressing concerns over continued cyber attacks, the loss of data and
all the other ways in which their systems could be breached. Just recently
in April of this year, IBM came out with a study[1]
that mentioned that there were 1.5 million monitored cyber-attacks in the US
in 2013, which resulted in 91 million events and several thousand incidents.
It is growing at a rate of about 12% a year, according to that survey, so
this is not a problem that is going away but that is getting more intense.
Data security compliance, regardless of industry, is becoming a much bigger
issue for companies today.

CEOCFO: Security
providers come from different angles with the hardware, software, not when
but if and letting you know that something has happened. How do you get
through all that noise to know what to recommend to your clients?

Mr. Nixon:
I think that when companies are grappling with this issue and are looking
for help, it is just as important to evaluate the provider or partner that
you are working with as it is the technology or the systems. The technology
and systems can only do so much: it is the partner that usually is the
differentiating factor. The partner is actually working on your behalf and,
as such, they need to make sure they know the individual, the company and
they need to provide their best thinking on the topic. In reflection, I
think we have learned that there is a language to compliance that has to be
understood from both the client's perspective and from the partner's
perspective. For instance, there is a difference between a breach and a
security incident; they may sound similar but they are different. You have
to understand the language of data security and compliance in order to
create the most effective technical tools and experiential tools necessary
to make sure that you are safe and secure. We also believe that in order to
build a secure and compliant technical solution, the partner needs to be
compliant. Many times a company will go out and hire a firm because that
firm has what they think is the right technology and or the right system.
What they fail to understand is that security incidents can occur, not
because of the technology they deploy or what they do on their side, but
because of how the partner conducts their own business. For instance, we
build HIPAA compliant technology solutions for our clients, but if we do not
manage our own security and our own data and processes properly, we could
create a breach of some sort. It is important that clients understand that
when you are evaluating your solution, you have to make sure that partner
understands it and is just as compliant as you want to be.

CEOCFO: How can
someone evaluate without a company like Highland to help?

Mr. Nixon:
You can ask some simple questions. If you are a hospital for instance, that
has to comply with HIPAA regulation, it is important that you ask if the
company you are considering is HIPAA compliant. And if so, are they able to
engage you with a business associate agreement, which is an agreement
where the partner assures you that they will appropriately safeguard your
protected health information and align themselves with the same level of
responsibility for that information as the covered entity. Look at their
operations, visit their company and our just see if they have you check in
when you enter. That is a simple way of seeing if they take security
seriously.

CEOCFO: Are you able
to weed out unacceptable services to help your customers?

Mr. Nixon:
What we have learned is that in order to be able to provide a real solution
for data security and compliance activities you really need to be all-in
with the client. This is one of those issues that will often differentiate
somebody who you want to choose versus not choose and goes beyond the
contractual obligations; you have to share a passion for the issue. Security
and compliance is a journey that never ends; and once you are in, you are
in. For us that means that everyone in our business needs to be invested,
and everyone involved in the clients’ business needs to be invested. They
need an interest in creating and maintaining a compliant system. We think
that an investment in our own security and compliance measures is an
investment in our clients and in the relationships we build with our
clients; so we exemplify that passion by the rigor that we use internally to
manage our own business. We think that builds a great trusting relationship
with our clients. We also think that sometimes a little bit of paranoia is a
good thing. You can actually take the fear that people feel about this issue
and turn that fear into action: action that is propelled at times by
wondering where the next vulnerability lies. You can turn this little bit of
the paranoia from negative energy and worry into wind in your sail and
actionable activity.

CEOCFO: Highland
Solutions was recently named the Three-star VAR Award Winner by SugarCRM.
Why the recognition? Why do you like Sugar and how does it help you provide
the best for your clients?

Mr. Nixon:
We were named one of the three-star platinum partners of which there are
twenty in the world. We were given that designation for a few reasons. We
engage a lot of Sugar clients and build solutions across the country, so we
do a great deal of work on the Sugar platform. It is also in recognition of
the leadership that we have in understanding client dynamics, for example
data security and compliance. We have made a real commitment to take the
Sugar platform and making it create value for our clients in unique ways.
Even though it is a client CRM system, which typically is synonymous with
some sort of sales force enablement tool, we find new and creative ways of
using the platform. We think its architecture is consistent and really
supports our ability to create customized solutions for our clients. It is a
stable system and we like that. We like working with the Sugar leadership
team and all the people that support the product. They are responsive to us
and supportive of our efforts. It is a platform that we can use as the
centerpiece to building out solutions that have to work in certain
environments (like a high-security environment). It is easy to use and
affordable for our clients. It is a solid platform and a nice alternative to
some of the other CRM systems that are out there.

CEOCFO: What is the
strategy for the next year or so?

Mr. Nixon:
We remain committed to this idea of compliance and security both internal to
our business as well as with our clients, so we are going to continue to
make strong investments in 2014 in that platform. We recently hired a
compliance officer, who holds a law degree and a certificate in health law
from the University of Pittsburgh. She is also a practicing attorney here in
Illinois. We made a strong commitment to continue to reinforce that as part
of our practice. We continue to make investments in talented and creative
people. As I was just telling another group, in order to create a great
client experience, which is why we are here, it takes a combination of good
technology, great people and a good understanding of the client to make that
happen. We are committed to continue to invest in technology, in our people,
and in the patience of time to ask really good questions to get to know our
clients well before we do the first bit of work on the solution.

CEOCFO: What is your
focus as COO?

Mr. Nixon:
At Highland, we subscribe to a servant leadership model. A servant
leadership model essentially takes the traditional organizational chart and
turns it upside down, putting the client at the top. Right next to them are
our gifted and talented people that work every day to create a great
experience with our clients. It is my job to figure out how to enable them
and empower them to do that. I focus every day on ensuring they have the
tools, the understanding of our clients, and push aside the barriers that
get in their way of creating a great client experience.